1 files changed, 0 insertions, 85 deletions
diff --git a/www/lynx/files/patch-CVE-2016-9179 b/www/lynx/files/patch-CVE-2016-9179
deleted file mode 100644
index 81ed8e9c0014..000000000000
--- a/www/lynx/files/patch-CVE-2016-9179
+++ /dev/null
@@ -1,85 +0,0 @@
-Fix for CVE-2016-9179
-See:
-http://lists.nongnu.org/archive/html/lynx-dev/2016-11/msg00018.html
-
-Re-engineered the upstream patch, which was only released
-for the unstable lynx2.8.9. Removed the at_sign, and made sure that
-the user id is correctly stripped of all non valid inputs.
-
---- WWW/Library/Implementation/HTTCP.c_orig	2016-12-01 15:07:39.487753520 +0000
-+++ WWW/Library/Implementation/HTTCP.c	2016-12-01 15:10:20.291328282 +0000
-@@ -1792,7 +1792,6 @@
-     int status = 0;
-     char *line = NULL;
-     char *p1 = NULL;
--    char *at_sign = NULL;
-     char *host = NULL;
- 
- #ifdef INET6
-@@ -1814,14 +1813,8 @@
-      * Get node name and optional port number.
-      */
-     p1 = HTParse(url, "", PARSE_HOST);
--    if ((at_sign = StrChr(p1, '@')) != NULL) {
--	/*
--	 * If there's an @ then use the stuff after it as a hostname.
--	 */
--	StrAllocCopy(host, (at_sign + 1));
--    } else {
- 	StrAllocCopy(host, p1);
--    }
-+    strip_userid(host, FALSE);
-     FREE(p1);
- 
-     HTSprintf0(&line, "%s%s", WWW_FIND_MESSAGE, host);
---- WWW/Library/Implementation/HTTP.c_orig	2016-12-01 15:13:24.171404704 +0000
-+++ WWW/Library/Implementation/HTTP.c	2016-12-01 15:19:59.699276204 +0000
-@@ -426,7 +426,7 @@
- /*
-  * Strip any username from the given string so we retain only the host.
-  */
--static void strip_userid(char *host)
-+void strip_userid(char *host, int parse_only)
- {
-     char *p1 = host;
-     char *p2 = StrChr(host, '@');
-@@ -439,7 +439,8 @@
- 
- 	    CTRACE((tfp, "parsed:%s\n", fake));
- 	    HTSprintf0(&msg, gettext("Address contains a username: %s"), host);
--	    HTAlert(msg);
-+           if (msg !=0 && !parse_only)
-+	        HTAlert(msg);
- 	    FREE(msg);
- 	}
- 	while ((*p1++ = *p2++) != '\0') {
-@@ -1081,7 +1082,7 @@
- 	char *host = NULL;
- 
- 	if ((host = HTParse(anAnchor->address, "", PARSE_HOST)) != NULL) {
--	    strip_userid(host);
-+	    strip_userid(host, TRUE);
- 	    HTBprintf(&command, "Host: %s%c%c", host, CR, LF);
- 	    FREE(host);
- 	}
---- WWW/Library/Implementation/HTUtils.h_orig	2016-12-01 15:21:38.919699987 +0000
-+++ WWW/Library/Implementation/HTUtils.h	2016-12-01 15:22:57.870511104 +0000
-@@ -801,6 +801,8 @@
- 
-     extern FILE *TraceFP(void);
- 
-+    extern void strip_userid(char *host, int warn);
-+
- #ifdef USE_SSL
-     extern SSL *HTGetSSLHandle(void);
-     extern void HTSSLInitPRNG(void);
---- src/LYUtils.c_orig	2016-12-01 15:25:21.769447171 +0000
-+++ src/LYUtils.c	2016-12-01 15:28:31.901411555 +0000
-@@ -4693,6 +4693,7 @@
-      * Do a DNS test on the potential host field as presently trimmed.  - FM
-      */
-     StrAllocCopy(host, Str);
-+    strip_userid(host, FALSE);
-     HTUnEscape(host);
-     if (LYCursesON) {
- 	StrAllocCopy(MsgStr, WWW_FIND_MESSAGE);